Most of the vulnerabilities were in WebKit, which forms the basis for iOS's Safari browser. A bug has also been fixed which allowed JavaScript to be enabled without user interaction when the device displayed one of Apple's "Smart App Banners", even after the user had disabled JavaScript. Apple has also removed a vulnerability in the iOS 6 kernel previously publicly demonstrated by Mark Dowd.

Although the updates fix a large number of extremely critical security vulnerabilities, there is no need to panic – to date there has not been a single known case of such a security vulnerability being exploited to compromise an iPhone or iPad. Although the theoretical possibility has been demonstrated (by programs such as Jailbreakme), the difficulty involved in doing so has clearly deterred would-be fraudsters.

Apple also released an update for the Apple TV, 5.1.1, which fixes the same kernel vulnerability as iOS and a problem with JavaScript array checking.